The present invention relates, in general, to the field of data security, and more specifically, to securing and tracking data in a Data Processing System (DPS).
One of the most valuable assets of an organization is its data. Data can be structured data or unstructured data. The structured data is the data stored in a database such as Oracle database. Examples of structured data can be employee name, address, salary information, and so forth. The unstructured data includes files stored in the hard drives of users or in a network. Examples of unstructured data include document files, such as Microsoft Word, Adobe PDF, Microsoft Excel, Google Spreadsheets, Microsoft PowerPoint, media files, source code files, and so forth.
With an increase in the number of employees working in the organization, preventing unauthorized access to unstructured data and structured data in a flat file format becomes a challenge. Moreover, the organization needs to prevent unauthorized use of the data by authenticated users. In order to address these challenges, various methods for data security exist.
One of the conventional methods for securing data involves making the data accessible only to authenticated users where a user's credentials are authenticated before providing access to the data. However, once authenticated, the user can execute undesirable operations on the data. Moreover, the operations executed on the data cannot be tracked.
Another conventional method for securing data involves restricting the operations that an authenticated user can execute on the data. These restrictions may comprise restricting the authenticated user to the following operations:
copying the data, saving the data in a new file, and printing the data. However, these restrictions can decrease the efficiency of the authenticated user.
In light of the forgoing discussion, a need exists for a method and system for securing and tracking data. The method and system should provide access only to authenticated users. The method and system should also be capable of tracking any unauthorized operations executed on the data. Further, there is an ongoing need to reduce restrictions on authenticated users without compromising the security of the data. The present invention addresses such needs.